Tier Criteria
Tier 1 “Higher Risk”
A device is a Tier 1 device if the following criteria are met:
• The device is capable of connecting (e.g., wired, wirelessly) to another medical or non-medical product, or to a network, or to the Internet; AND
• A cybersecurity incident affecting the device could directly result in patient harm to multiple patients.
Examples of Tier 1 devices:
implantable cardioverter defibrillators (ICDs), pacemakers, left ventricular assist devices (LVADs), brain stimulators and neurostimulators, dialysis devices, infusion and insulin pumps; and the supporting connected systems that interact with these devices such as home monitors and those with command and control functionality such as programmers.